Phishing
Attackers can use *.amazonaws.com to host their phishing websites.
Command and Control
The Pareto Botnet was found using *.amazonaws.com as their C&C servers.
Exfiltration
Attackers can create web applications with upload functionalities hosted on *.amazonaws.com and exfiltrate data on there. Alternatively, attackers can use *.s3.amazonaws.com as storage and upload exfiltrated files there.
Download
Malicious tools can be stored on *.amazonaws.com and downloaded when required.
Created: 2021-11-10
Last Update: 2021-11-10
Credits: mr.d0x